hate these ads?, log in or register to hide them
Page 17 of 27 FirstFirst ... 714151617181920 ... LastLast
Results 321 to 340 of 538

Thread: Antivirus is shit, everything is compromised, etc etc (Cybersecurity thread)

  1. #321
    Frug's Avatar
    Join Date
    April 9, 2011
    Location
    Canada
    Posts
    13,681
    Quote Originally Posted by Aea View Post
    At least that was my experience with them a long long time ago.
    I remember you complaining about Azure. Couldn't have been that long ago!

    Quote Originally Posted by Loire
    I'm too stupid to say anything that deserves being in your magnificent signature.

  2. #322

    Join Date
    April 18, 2011
    Posts
    2,550
    Quote Originally Posted by Frug View Post
    Quote Originally Posted by Aea View Post
    At least that was my experience with them a long long time ago.
    I remember you complaining about Azure. Couldn't have been that long ago!
    You forget, he's young and we're old, times moves differently.

  3. #323
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,281
    Microsoft's hack that "your AV must set a registry key to vouch they're compatible, before the patches will apply" is getting really messy.

    https://doublepulsar.com/important-i...u-a852ba0292ec
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  4. #324
    Liare's Avatar
    Join Date
    April 9, 2011
    Location
    Denmark
    Posts
    11,703
    okay, that's just fail, pure undiluted fail.
    Viking, n.:
    1. Daring Scandinavian seafarers, explorers, adventurers, entrepreneurs world-famous for their aggressive, nautical import business, highly leveraged takeovers and blue eyes.
    2. Bloodthirsty sea pirates who ravaged northern Europe beginning in the 9th century.

    Hagar's note: The first definition is much preferred; the second is used only by malcontents, the envious, and disgruntled owners of waterfront property.

  5. #325
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,281
    Quote Originally Posted by Daneel Trevize View Post
    And this is also why you run a FOSS OS
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  6. #326

    Join Date
    April 13, 2011
    Posts
    5,999
    Are you seriously blaming Windows for antivirus software behaving like a root kit?

  7. #327
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,281
    No, but for accepting & pandering to it and then implementing this crazy solution.
    It's 2018, Windows has had its own decent AV for years, MS can't be needing kickbacks from AV sales, and the desktop OS competition is founded on the average end user magically not needing one (not to mention how niche it is for servers & mobile devices). So break the shitty ones while patching actual security flaws.
    I mean, we're 17 pages into how fucking terrible 3rd party AVs are...
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  8. #328
    walrus's Avatar
    Join Date
    April 9, 2011
    Location
    Fancomicidolkostümier- ungsspielgruppenzusammenkunft
    Posts
    6,093
    I thought it was OEMs who got the kickbacks from preinstalling AV.
      Spoiler:
    Quote Originally Posted by RazoR View Post
    But islamism IS a product of class warfare. Rich white countries come into developing brown dictatorships, wreck the leadership, infrastructure and economy and then act all surprised that religious fanaticism is on the rise.
    Also:
    Quote Originally Posted by Tellenta View Post
    walrus isnt a bad poster.
    Quote Originally Posted by cullnean View Post
    also i like walrus.
    Quote Originally Posted by AmaNutin View Post
    Yer a hoot

  9. #329
    Movember 2012 Stoffl's Avatar
    Join Date
    April 10, 2011
    Location
    The original viennese waffle
    Posts
    21,367
    Yeah

    Derpin from Chinaphone
    2/10/17 Greatposthellpurge never forget
    23/10/17 The Greatreposteninging ?

  10. #330

    Join Date
    April 13, 2011
    Posts
    5,999
    Quote Originally Posted by Daneel Trevize View Post
    No, but for accepting & pandering to it and then implementing this crazy solution.
    It's 2018, Windows has had its own decent AV for years, MS can't be needing kickbacks from AV sales, and the desktop OS competition is founded on the average end user magically not needing one (not to mention how niche it is for servers & mobile devices). So break the shitty ones while patching actual security flaws.
    I mean, we're 17 pages into how fucking terrible 3rd party AVs are...
    So which of the following alternative options do you think MS should go for:

    Option 1) Forcibly turn on all the features, risking BSODs galore as shitty AV fucks everything up
    Option 2) Forcibly disable the AV software people have paid for and in many cases laws and regs say they must run

    Stop talking shit

  11. #331
    Corwyna's Avatar
    Join Date
    April 10, 2011
    Location
    Croatistan
    Posts
    3,317
    Quote Originally Posted by elmicker View Post
    Quote Originally Posted by Daneel Trevize View Post
    No, but for accepting & pandering to it and then implementing this crazy solution.
    It's 2018, Windows has had its own decent AV for years, MS can't be needing kickbacks from AV sales, and the desktop OS competition is founded on the average end user magically not needing one (not to mention how niche it is for servers & mobile devices). So break the shitty ones while patching actual security flaws.
    I mean, we're 17 pages into how fucking terrible 3rd party AVs are...
    So which of the following alternative options do you think MS should go for:

    Option 1) Forcibly turn on all the features, risking BSODs galore as shitty AV fucks everything up
    Option 2) Forcibly disable the AV software people have paid for and in many cases laws and regs say they must run

    Stop talking shit
    2nd one turns on MS default one, so they would still be protected and would force response from AV makers. I don't see that being that bad.
    Hiro Cor

  12. #332

    Join Date
    April 13, 2011
    Posts
    5,999
    You don't see the OS vendor forcibly disabling software you've installed, software you own, software you may well be legally required to run as "that bad"?

    Really?

  13. #333
    Cosmin's Avatar
    Join Date
    March 14, 2012
    Location
    UK
    Posts
    5,737
    Quote Originally Posted by elmicker View Post
    You don't see the OS vendor forcibly disabling software you've installed, software you own, software you may well be legally required to run as "that bad"?

    Really?
    It's not like Windows 10 didn't disable/reassign stuff from software you own/bought before, right?

    Truth be told, with so many layers between hardware and OS (UEFI, MiniX, fuck knows what), AVs need to dig as deep as possible as to maintain control and not let anything slip through. Unfortunately I'm not so sure we would them to be if there weren't so many fucking layers between the hardware and the OS.
    Guns make the news, science doesn't.

  14. #334
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,281
    MS's patch can do practically whatever (if with release notes), it's on the end user to accept & test that or not. It's not like any other security fixes come with multiple choice options, you get their 1 way of fixing things or you come up with your own mitigations, or choose a different system.
    The patch should be one that actually fixes the issue + disables known incompatible apps & enables MS's, or isn't applied at all. It's dumb to have the situation where a patch is installed, but not active, and it's not clear who's responsible for farting about with the registry if there's several suites interacting. And it's super-dumb that it doesn't have a deadline when it will no longer care about this registry key & just revert to doing the right thing immediately.

    Anyone "legally required to run an AV" is probably also required to test patches (if such a law even exists, and isn't simply "take all reasonable measures"). They're responsible for choosing the lesser of 2 evils, of patching vs running shitty AV that they're now aware doesn't work well with their OS's security & memory model. They don't get to just stop thinking about security because they have an AV. And I'd like to see whatever evidence they're using that qualifies some arbitrary 3rd party AV over any other or MS's.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  15. #335

    Join Date
    April 13, 2011
    Posts
    5,999


    You must live on another planet.

  16. #336

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,019
    Was it Windows 7 SP1 which stopped a load of (**)antivirus products working 'cos they were rootkiting their way into the kernel rather than using the proper API calls ?

    * Mostly the famously shit ones eg McAffee and Symantec.
    Please don't teach me what to do with my pc.

  17. #337
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    9,362
    I’m harvesting credit card numbers and passwords from your site. Here’s how.

    The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all.

  18. #338
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,281
    Quote Originally Posted by elmicker View Post
    Think about it, with a normal patch you'd have:
    Compatible Incompatible
    Unpatched Working, Vulnerable Working, Vulnerable
    Patched Working, Secure Not Working, (secure-by-being-off)
    Nothing too extreme, take it up with your AV vendor as to why they're Incompatible.

    With this registry shit, now you have:

    Compatible and adapted Compatible but not adapted Incompatible
    Unpatched Working, Vulnerable Working, Vulnerable Working, Vulnerable
    Patched Working, Secure Working, Vulnerable (effectively Unpatched) Not Working, (secure-by-being-off)

    Because the otherwise-compatible AV now has to be modified to work 'correctly' with this key (or admins have to build a system to get this right themselves, lol accepting liability NOPE), else it's not effectively better than an incompatible AV because the vulnerability isn't truely patched.
    AFAIK no prior AV works with this patch by default, all must dance to this tune.

    You're talking a new version of the AV to have to test/trust, assumed to be a small change but with big impact, so the risk factor multiplies out to moderate.

    And that's assuming the key usage & behaviour doesn't change in the face of outcry about how shit it is atm...
    If it does, testing multiplies.

    P.S., re: npm, continue to FUCK the shitty JS dev ecosystem, and learn to run & use your own verified package repos.
    Last edited by Daneel Trevize; January 11 2018 at 02:40:22 PM.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  19. #339
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    18,301
    Could you imagine the headlines.. "Microsoft remove 3rd party antivirus in favour of their own".. I imagine they didn't do this because they got pretty fucked over with the last antitrust case...
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

  20. #340
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,281
    How would this choice open up antitrust issues?

    The following installed software [List below] has been found to be incompatible with this patch, do you wish to:
    uninstall this software and apply this patch;
    apply this patch at your own risk of incompatibility including rendering the patch ineffective*;
    cancel this patch install?

    * This is what all other patches do anyway, you're responsible for what shitty mix of software you put in your system, not MS.

    The registry opt-in fuckery just distorts this, setting a terrible precedent for MS too. Seems they rushed at putting this fix out and some management bottled pushing responsibility on users, instead opening MS up to some more complex arrangement.
    Last edited by Daneel Trevize; January 12 2018 at 09:47:34 AM.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •